aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,148 Commits
7 Branches
161 Tags
178 MiB
main-7.0.x
master
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f15f092a69'
${ noResults }
Commit Graph

644 Commits (f15f092a696ebcafb3f402c511ba24be98557e7f)

Author SHA1 Message Date
Philippe Antoine e3105a6614 ftp: adds a config option ftp-hash for autofp-scheduler 
This allows ftp-data and ftp flows to be processed by the same
thread. Otherwise, there may be a concurrency issue where the
would-be ftp-data flow is first processed, and thus not recognized
as such. And the ftp flow gets processed later and the expectation
coming from it is never found.

To do so, the flow hash gets used as usual, except for flows that
may be either ftp or ftp-data, that is either one port is 21, or
both ports are high ones.

Ticket: #5205
 3 years ago
Jason Ish 1b844cd7f7 doc/userguide: document --include command line option 3 years ago
Philippe Antoine b52293b609 dcerpc: config limit maximum number of live transactions 
As is done for other protocols

Ticket: #5779
 3 years ago
Juliana Fajardini 918bd7435c userguide/config: update log format symbols list 
There were some possible format options missing after the recent changes
in the log format.
 3 years ago
Juliana Fajardini 0d9289014b exceptions: add master switch config option 
This allows all traffic Exception Policies to be set from one
configuration point. All exception policy options are available in IPS
mode. Bypass, pass and auto (disabled) are also available in iDS mode

Exception Policies set up individually will overwrite this setup for the
given traffic exception.

Task #5219
 3 years ago
jason taylor 0632233791 userguide: update http.cookie description 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
Philippe Antoine 55c4834e4e smb: configurable max number of transactions per flow 
Ticket: #5753
 3 years ago
Jason Ish 48f0fd3c74 doc/userguide: update logging section for time formats 
- Update fragment of configuration file to match suricata.yaml with
  new default-log-format.
- Document new %z format specifier.
 3 years ago
Juliana Fajardini 4c7ca2c367 devguide/install: add note about ubuntu version 
We want to make it clear with which system the instructions for
installing from were tested with.
 3 years ago
Juliana Fajardini 377885f420 exception-policies: fix typos 3 years ago
Bazzan Don 6e4a5cee7a devguide: add page on installing suricata from git 
As part of the process of moving documentation from redmine
to "Read the Docs", this commit moves installing Suricata using git
page from redmine wiki into Suricata Developer Guide section.
It also updates the necessary steps.

Ticket: #5585
 3 years ago
Jason Ish 0a4e3d0f82 doc/userguide: ubuntu: install software-properties-common 
This package likely needs to be installed when starting with an Ubuntu
container or other minimal Ubuntu install.

Ticket: #5616
 3 years ago
Richard McConnell b39a4c63fe doc: document AF_XDP feature 3 years ago
Todd Mortimer 15c77be937 swf-decompression: Disable by default. 
Add an entry to the upgrade guide noting the change.

Ticket: #5632
 3 years ago
Jeff Lucovsky 197ad51138 doc: Update bsize documentation 
This commit updates the bsize documentation

1. Describe what happens when "content" immediately precedes "bsize"
2. Include the operators and
3. Include examples using the operators.
 3 years ago
jason taylor 9dc8fffe05 userguide: update tos keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 1d9b91a987 userguide: update fragoffset keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 7c73144988 userguide: update fragbits information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 4be9793e36 userguide: update geoip information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor e8eba6e4a1 userguide: update id keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor cfd0da133e userguide: update ipv6.hdr keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 150a04b597 userguide: update ipv4.hdr keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 298f59c2ba userguide: update ip_proto keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 6226492976 userguide: update sameip keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor f97ba44339 userguide: update ipopts keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 9b4e6e5802 userguide: update ttl keyword information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
Philippe Antoine ce710181f6 doc: update doc for HTTP file.data to server 
Ticket: #4144

Completes e587f6792a
 3 years ago
Jeff Lucovsky 5a6e68285b doc/netmap: Describe Netmap IPS usage 
Issue: 5512

This commit summarizes Netmap usage with Suricata's IPS mode.
 3 years ago
Jason Ish 9d653512f9 doc/userguide: update bittorrent-dht eve examples 
Update the bittorrent-dht examples using real log records with peers
and nodes broken down into objects.
 3 years ago
Jason Ish 065f3ab9f1 doc: rename bittorrent-dht to bittorrent_dht in eve output 3 years ago
Jason Ish 0ea9ba66d1 userguide/eve-log: remove mentions of requiring Rust 
Rust is required to build now.
 3 years ago
Aaron Bungay d166c48d28 docs: update for bittorrent-dht app-layer 3 years ago
Philippe Antoine a003640ecf security: prevents process creation 
with setrlimit NPROC.

So that, if Suricata wants to execve or such to create a new process
the OS will forbid it so that RCE exploits are more painful to write.

Ticket: #5373
 3 years ago
Richard McConnell 7f4c1d5e2f doc/systemd: add documentation for sd_notify 3 years ago
Eric Leblond 9fb0137d9d doc: add reference to ipaddr in IP matching 3 years ago
Eric Leblond 3bd48d9336 detect: doc link for ip.src and ip.dst 3 years ago
Eric Leblond da8b16eaeb doc: add ip.dst and ip.src doc 3 years ago
Eric Leblond 3599cbf1c4 doc: document new dataset types 
Feature: #5383
 3 years ago
Eric Leblond a1a22cccd2 doc: document dataset-lookup 
Ticket: #5184
 3 years ago
Eric Leblond 20973e9e6b doc: add dataset-clear command 
Ticket: #5184
 3 years ago
Eric Leblond c5559cb68f doc: document dataset-dump command 
Ticket: #5184
 3 years ago
Victor Julien 2f6c014f70 doc/devguide: update packet (de)alloc in unittests 3 years ago
Lukas Sismis 37cf365e19 docs: remove outdated constraint of negation support for ssl_state 
Commit 487cdda93d adds negation support for the SSL state.
 3 years ago
Juliana Fajardini e4b46e0763 doc/acknowledgements: add a few more names 
Added some names of known contributors to the documentation
 3 years ago
Juliana Fajardini 3c25185e0b devguide: add section about stale tickets policy 
Just to set the right expectations, and to have it registered for us,
too.
 3 years ago
Shivani Bhardwaj 2a0cb1f3da doc: update base64_decode notes 3 years ago
Lukas Sismis e101384e7b transversal: remove suricata-ids.org references 3 years ago
Lukas Sismis a4a69c3e71 doc/dpdk: add IPS setup docs for DPDK mode 
Ticket: #5511
 3 years ago
Eric Leblond f46f895e8d rust/smb: import NT status code for Microsoft doc 
This patch updates the NT status code definition to use the status
definition used on Microsoft documentation website. A first python
script is building JSON object with code definition.

```
import json
from bs4 import BeautifulSoup
import requests

ntstatus = requests.get('https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55')

ntstatus_parsed = BeautifulSoup(ntstatus.text, 'html.parser')

ntstatus_parsed = ntstatus_parsed.find('tbody')

ntstatus_dict = {}

for item in ntstatus_parsed.find_all('tr'):
    cell = item.find_all('td')
    if len(cell) == 0:
        continue
    code = cell[0].find_all('p')
    description_ps = cell[1].find_all('p')
    description_list = []
    if len(description_ps):
        for desc in description_ps:
            if not desc.string is None:
                description_list.append(desc.string.replace('\n ', ''))
    else:
        description_list = ['Description not available']
    if not code[0].string.lower() in ntstatus_dict:
        ntstatus_dict[code[0].string.lower()] = {"text": code[1].string, "desc": ' '.join(description_list)}

print(json.dumps(ntstatus_dict))
```

The second one is generating the code that is ready to be inserted into the
source file:

```
import json

ntstatus_file = open('ntstatus.json', 'r')

ntstatus = json.loads(ntstatus_file.read())

declaration_format = 'pub const SMB_NT%s:%su32 = %s;\n'
resolution_format = '        SMB_NT%s%s=> "%s",\n'

declaration = ""
resolution = ""

text_max = len(max([ntstatus[x]['text'] for x in ntstatus.keys()], key=len))

for code in ntstatus.keys():
    text = ntstatus[code]['text']
    text_spaces = ' ' * (4 + text_max - len(text))
    declaration += declaration_format % (text, text_spaces, code)
    resolution += resolution_format % (text, text_spaces, text)

print(declaration)
print('\n')
print('''
pub fn smb_ntstatus_string(c: u32) -> String {
    match c {
''')
print(resolution)
print('''
        _ => { return (c).to_string(); },
    }.to_string()
}
''')
```

Bug #5412.
 3 years ago
jason taylor db5cf1f8f9 userguide: Add rule file globbing option details 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago